Below is a collection of ideas for student projects. Some are half-backed, some are not even written down. If you are interested in systems-oriented computer science and computer security, talk to me in person. In general I expect that students have a solid understanding of operating systems and computer networks and that they are able to handle programming tasks well.
Trusted Execution Environments
Trusted Execution Environments (TEEs) such as ARM's Trustzone or Intel's Enclave are secure areas inside a main processor. The idea is that data and applications contained in TEEs is protected with respect to confidentiality and integrity. Systems execute a trusted operating system inside the TEE and they may load trusted applications into the TEE. The goal of this project is investigate the state of the art in TEEs and their open source software systems and to prototype novel trusted applications that may help to secure networked embedded devices.
This work requires strong interest in working with low-level C code in embedded systems. It also requires a certain portion of creativity and the willingness to work with fast developing new technology.
Remote attestation techniques are used to verify claims about the integrity and trustworthiness of computing systems. An attester usually running inside a TEE is collecting data about a system and formulating claims that are signed and send to a verifier. The verifier is then checking the claims against known good values in order to produce a signed attestation that can be given to other software modules that are interested in managing how much they trust the attested system. Work is underway to create standards for remote attestation and the goal is to prototype and experiment with the developing technology.
This work requires strong interest in working with technology that is in the process of being standardized. Good prototyping skills will be a benefit and the willingness to work with evolving technology specifications.
ORC on OpenWrt
RFC 8040 defines a protocol that can be used to manage the configuration of a remote system. An implementation of the protocol (called orc) has been created in the past. The goal of this project is to find shortcomings in the orc implementation (i.e., by creating an extended automated test suite) and to develop and implement solutions. Another direction could be to make the user interface LUCI work with orc instead of the existing interface to access configuration and status information. Another direction might be to reimplement orc using Rust and to study the costs in terms of memory and cpu overhead relative to the C version.
This project requires interest in programming in C (or Rust) on resource constrained embedded Linux systems.
DDoS Protection using DOTS
The IETF has defined a protocols to signal DDoS attacks. The goal of this project is to continue work on a data channel protocol using the orc RESTCONF protocol implementation on OpenWrt systems.
This project requires interest in programming in C on resource constrained embedded Linux systems.
Open Source CPU Designs
Open-source hardware designs are gaining traction. Paired with open source operating systems running on them, these designs provide companies full insights into all aspects of critical infrastructure components. Open-source hardware is sometimes seen as a critical incredient for digital sovereignty. Open-source hardware designs that goes beyond the design of PCBs (like Arduino) are for example the OpenRISC project, the design of a full CPU and related tool chains. The goal of this project is to investigate the state of the art with a specific focus on security features provided by open hardware CPU designs.
The project requires a strong interest in computer architecture.
Corona Warn Apps
The pandemic has led to the creation of "Corona Apps" that try to recognize contacts between people and may warn users if they had a contact with a person positively tested in the past. Countries have taken different technical approaches but most apps rely on measuring distances using Blootooth signal strengths, which is a very fuzzy distance measurement technique. The goal of this project is to investigate the different implementations that have been created and to consider possible extensions. For example, for use at Jacobs University, it might be possible to create an app that can automatically determine presence in lecture halls or other facilities and report the presence in a way that allows health officials to backtrack contacts without exposing data to other purposes.
Collaborative editing is on the rise and the pandemic has pushed this even more. An early well working example of collaborative editors is Google docs. For LaTeX users, a popular online LaTeX editors supporting collaborative editing is Overleaf. On the software developer side, early collaborative scratchpads like Etherpad get often replaced by more powerful tools like CodiMD. When it comes to code writing, there are various collaborative tools under development that aim to move the entire development processes (editing, compiling, testing, debugging) into the web.
All these approaches have in common that they utilize a (centralized) web server. An entirely different approach is to enable existing (offline) editors to temporarily allow collaborative editing. This is useful, for example, in teaching situations where it can be useful to temporarily take (shared) control of an editor in order to help resolve problems or to outline different approaches. This may also be useful in classroom settings where an instructor wants to invite a student to write or modify some code on the instructor's machine connected to a beamer. This can also be useful in situations where a developer needs the help of another developer to resolve a problem or in peer programming scenarios. (This whole topic has also gained importance recently due to hygiene rules that make it difficult to share a physical keyboard.)
The goal of this project is to investigate the state of the art of non-web-based collaborative editing functions and to prototype new solutions where necessary.